Second factor password authentication (2FA) involves two stages to verify the identity of an entity trying to access services in a computer or in a network. Each stage typically involves a different authentication factor, for example a knowledge factor, a possession factor, or an inherence factor.
A primary authentication factor is typically based on “knowledge”. The user remembers credentials such as a predefined user name, password, or a personal identification number (PIN) for authenticating at a service.
Many solutions for second authentication factors exist. For example a SMS message with a code may be sent to the user. The user reads this code from the display of a mobile phone and then types the code into a website for authentication purpose. This type of authentication can be attributed to the “possession factor” category. The user needs to be in possession of the mobile phone, or more precisely in possession of the SIM card, in order to be able to receive the SMS code. Other second factor authentication solutions comprise installing a software application on a mobile phone. The software application generates codes that the user needs to type into a website. Further, small electronic devices exist which generate codes that the user needs to type into a website.
Other solutions for second authentication factors rely on fingerprints, retinal patterns, or the like. Such solutions are typically attributed to the “inherence factor” category.
Second factor authentication solutions as those described above are used for example for authenticating transactions in electronic banking. Business uses of second factor authentication comprise access to virtual private networks (VPN). Further, many popular websites offer second factor authentication solutions to make the user verification safer.
Second factor authentication solutions which rely on possession and/or inherence factors are safer than a verification which is based on a knowledge factor (user name and password) alone. However, they require additional efforts from the user which may be felt as difficult and annoying.